package com.example.demo.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/*
* 对security的配置
* */
@Configuration
@EnableWebSecurity//启用web安全功能
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class WebScurityConfig extends WebSecurityConfigurerAdapter {
    /*
    * 业务的用户密码验证
    * */
    @Autowired
    private UserDetailsServiceImpl userService;

    @Bean
    public JWTTokenFilter authenticationTokenFilterBean() throws Exception {
        return new JWTTokenFilter();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /** 
    * @Description: 通过重载配置user-detail服务
    * @Param:  
    * @return:  
    * @Author: wangze 
    */ 
    @Override
    protected void configure( AuthenticationManagerBuilder auth ) throws Exception {
//        System.out.println("用户认证");
        // 配置基于数据库的用户密码查询  密码使用security自带的BCryptEncoder（结合了随机盐和加密算法）
        auth.userDetailsService( userService ).passwordEncoder( new BCryptPasswordEncoder(12) );
    }

    /** 
    * @Description:  通过重载，配置如何通过拦截器保护请求
    * @Param:  
    * @return:  
    * @Author: wangze 
    */ 
    @Override
    protected void configure( HttpSecurity httpSecurity ) throws Exception {
//        System.out.println("配置token拦截器");
        httpSecurity
                .csrf().disable() //关闭csrf防护
                .cors()
                .and()
//                .authorizeRequests()
//                .antMatchers("/**").permitAll()
//                .anyRequest().authenticated()
//                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);


//                .authorizeRequests()//请求拦截策略
//                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
//                .antMatchers(HttpMethod.GET,"/api/user/**").permitAll()
//                .antMatchers(HttpMethod.POST,"/api/user/**").permitAll()
//                .antMatchers(HttpMethod.DELETE,"/api/user/**").permitAll()
//                .antMatchers(HttpMethod.PUT,"/api/user/**").permitAll()
//                .antMatchers(HttpMethod.POST,"/api/paper").permitAll()
//                .antMatchers(HttpMethod.GET,"/api/paper/**").permitAll()
//                .antMatchers(HttpMethod.GET,"/api/outcome/**").permitAll()
//                .antMatchers(HttpMethod.POST,"/api/outcome/**").permitAll()
//                .antMatchers(HttpMethod.GET,"/api/paper").permitAll()
//                .antMatchers(HttpMethod.POST,"/api/keyword").permitAll()
//                .antMatchers(HttpMethod.POST).authenticated()
//                .antMatchers(HttpMethod.PUT).authenticated()
//                .antMatchers(HttpMethod.DELETE).authenticated()
//                .antMatchers(HttpMethod.GET).authenticated();


//把token过滤器配置在security 用户名和密码过滤器之前
        httpSecurity
                .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

        httpSecurity.headers().cacheControl();
    }
}
